New CompTIA SY0-401 Exam Dumps Collection (Question 5 - Question 14)

In a PKI the sender encrypts the data using the receiver's public key. The receiver decrypts the data using his own private key. The key pair consists of these two keys.

Q2. A network administrator has a separate user account with rights to the domain administrator group. However, they cannot remember the password to this account and are not able to log in to the server when needed. Which of the following is MOST accurate in describing the type of issue the administrator is experiencing?

Something you are: a fingerprint, a retina scan, or voice recognition; often referred to as biometrics, discussed later in this chapter.

Somewhere you are: a physical or logical location.

Something you do: typing rhythm, a secret handshake, or a private knock.

Q3. The IT department has installed new wireless access points but discovers that the signal extends far into the parking lot. Which of the following actions should be taken to correct this?

A. Disable the SSID broadcasting

B. Configure the access points so that MAC filtering is not used

C. Implement WEP encryption on the access points

D. Lower the power for office coverage only

Answer: D

Explanation:

On the chance that the signal is actually traveling too far, some access points include power level controls, which allow you to reduce the amount of output provided.

Q4. After a recent internal audit, the security administrator was tasked to ensure that all credentials must be changed within 90 days, cannot be repeated, and cannot contain any dictionary words or patterns. All credentials will remain enabled regardless of the number of attempts made. Which of the following types of user account options were enforced? (Select TWO).

A. Recovery

B. User assigned privileges

C. Lockout

D. Disablement

E. Group based privileges

F. Password expiration

G. Password complexity

Answer: F,G

Explanation:

Password complexity often requires the use of a minimum of three out of four standard character types for a password. The more characters in a password that includes some character type complexity, the more resistant it is to password-cracking techniques. In most cases, passwords are set to expire every 90 days.

Q5. Which of the following represents a cryptographic solution where the encrypted stream cannot be captured by a sniffer without the integrity of the stream being compromised?

A. Elliptic curve cryptography.

B. Perfect forward secrecy.

C. Steganography.

D. Quantum cryptography.

Answer: D

Explanation:

Quantum cryptography is a cryptosystem that is completely secure against being compromised without knowledge of the sender or the receiver of the messages.

Q6. Ann, the security administrator, wishes to implement multifactor security. Which of the following should be implemented in order to complement password usage and smart cards?

A. Hard tokens

B. Fingerprint readers

C. Swipe badge readers

D. Passphrases

Answer: B

Explanation:

A multifactor authentication method uses two or more processes for logon. A two-factor method might use smart cards and biometrics for logon. For obvious reasons, the two or more factors employed should not be from the same category.

Q7. Which of the following relies on the use of shared secrets to protect communication?

A. RADIUS

B. Kerberos

C. PKI

D. LDAP

Answer: A

Explanation:

Obfuscated passwords are transmitted by the RADIUS protocol via a shared secret and the MD5 hashing algorithm.

Q8. A network inventory discovery application requires non-privileged access to all hosts on a network for inventory of installed applications. A service account is created by the network inventory discovery application for accessing all hosts. Which of the following is the MOST efficient method for granting the account non-privileged access to the hosts?

A. Implement Group Policy to add the account to the users group on the hosts

B. Add the account to the Domain Administrator group

C. Add the account to the Users group on the hosts

D. Implement Group Policy to add the account to the Power Users group on the hosts.

Answer: A

Explanation:

Group Policy is an infrastructure that allows you to implement specific configurations for users and computers. Group Policy settings are contained in Group Policy objects (GPOs), which are linked to the following Active Directory directory service containers: sites, domains, or organizational units (OUs). This means that if the GPO is linked to the domain, all Users groups in the domain will include the service account.

Q9. During the information gathering stage of deploying a role-based access control model, which of the following information is MOST likely required?

A. Conditional rules under which certain systems may be accessed

B. Matrix of job titles with required access privileges

C. Clearance levels of all company personnel

D. Normal hours of business operation

Answer: B

Explanation:

Role-based access control is a model where access to resources is determined by job role rather than by user account.

Within an organization, roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members or staff (or other system users) are assigned particular roles, and through those role assignments acquire the computer permissions to perform particular computer-system functions. Since users are not assigned permissions directly, but only acquire them through their role (or roles), management of individual user rights becomes a matter of simply assigning appropriate roles to the user's account; this simplifies common operations, such as adding a user, or changing a user's department.

To configure role-based access control, you need a list (or matrix) of job titles (roles) and the access privileges that should be assigned to each role.

Q10. Which of the following would Matt, a security administrator, use to encrypt transmissions from an internal database to an internal server, keeping in mind that the encryption process must add as little latency to the process as possible?

A. ECC

B. RSA

C. SHA

D. 3DES

Answer: D

Explanation:

3DES would be less secure compared to ECC, but 3DES would require less computational power.

Triple-DES (3DES) is a technological upgrade of DES. 3DES is still used, even though AES is the preferred choice for government applications. 3DES is considerably harder to break than many other systems, and it's more secure than DES. It increases the key length to 168 bits (using three 56-bit DES keys).